GDPR
We have been applying the General Data Protection Regulation (GDPR) since 25 May 2018.
General Data Protection Regulation (GDPR)
The full name is: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
What is the purpose of the GDPR?
The GDPR establishes and harmonizes the rules for processing personal data across the entire European Union. In particular, it ensures the security of personal data and protects the right to privacy.
RODO
We process data of clients, potential clients, and individuals indicated by them for contact or contract execution purposes (such as representatives, attorneys-in-fact, employees, and other persons designated by the client or potential client).
We most commonly process general data, such as:
first and last names
other identification data: PESEL (Personal Identification Number), NIP (Tax Identification Number), REGON (Business Registry Number), job titles, places of employment – company name of the business entity
data disclosed in identity documents: document number and series, date of issue and expiry
information on powers of attorney and employee authorizations to represent the client
bank account number
contact details: phone number, email address
correspondence data: residential address, registered office address of the business entity, mailing address
We may process personal data when:
It is necessary for the performance of a contract or to take steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the GDPR) — including the exchange of correspondence related to business relations with mInvestment Banking S.A.
It is required for the purposes of the legitimate interests pursued by the data controller (Article 6(1)(f) of the GDPR), such as:
archiving data,
preparing statistics and reports,
conducting customer satisfaction surveys,
marketing our services,
presenting personalized marketing offers or modifying our offer,
establishing, pursuing, or defending legal claims,
preventing and detecting fraud or crime (ensuring security).
It is necessary for compliance with a legal obligation to which the controller is subject (Article 6(1)(c) of the GDPR); for example, to prevent abuse and ensure the security of economic transactions. This includes obligations under laws such as the Tax Ordinance Act and the Accounting Act.
Personal data at mInvestment Banking S.A. is not subject to automated decision-making, including profiling related to such decisions.
We process personal data provided directly by the data subject — for example, when entering into a contract with us.
We may also use data provided to us by other data controllers, such as:
a client (before or during the execution of a contract),
the Polish Financial Supervision Authority (KNF),
the Ministry of Finance,
law enforcement authorities.
Additionally, we may obtain data from publicly available databases, such as:
the Central Registration and Information on Business (CEIDG),
the National Court Register (KRS).
The controller of your personal data is:
mInvestment Banking S.A., headquartered in Warsaw (00-850), ul. Prosta 18, registered in the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division, under KRS number 0000027381, Tax Identification Number (NIP): 526 021 50 42, Business Registry Number (REGON): 011022668.
We process personal data for as long as it is necessary to achieve the purpose of the processing, but no longer than the period specified by generally applicable laws for the limitation of potential claims.
Data subjects have the right to:
- access their personal data,
- rectify (correct) their data,
- erase their data ("right to be forgotten"),
- restrict the processing of their data,
- data portability,
- object to the processing of their data.
You can contact us:
by traditional mail – by sending a letter to our registered office address:
mInvestment Banking S.A., ul. Prosta 18, 00-850 Warsaw, Polandelectronically – by sending an email to:
rodo@mibsa.pl
In order to perform a contract and fulfill rights and obligations arising from legal regulations, we may share personal data with:
1. Institutions authorized to process data under the law, such as:
the Polish Financial Supervision Authority (KNF),
the Personal Data Protection Office (UODO),
law enforcement authorities.
2. Entities to whom mInvestment Banking S.A. entrusts the performance of services on its behalf, such as:
IT service providers,
courier companies,
law firms,
mBank S.A.
If a data subject suspects that their personal data is being processed in violation of the GDPR, they may file a complaint with the supervisory authority responsible for data protection.
In Poland, this authority is the President of the Personal Data Protection Office (UODO).
We process data of contractors, potential contractors, and individuals indicated by them for contact or contract execution purposes (such as representatives, attorneys-in-fact, employees, and other persons designated by the contractor or potential contractor).
We most commonly process general data, such as:
first and last names
other identification data: PESEL (Personal Identification Number), NIP (Tax Identification Number), REGON (Business Registry Number), job titles, places of employment – company name of the business entity
data disclosed in identity documents: document number and series, date of issue and expiry
information on powers of attorney and employee authorizations to represent the contractor
contact details: phone number, email address
bank account number
correspondence data: residential address, registered office address of the business entity, mailing address
We process personal data provided by the data subject, which is shared with us by contractors before entering into a contract and during its execution. These individuals include the contractors themselves, their employees, and other persons designated for contact purposes.
We may also use data provided to us by other data controllers or obtained from publicly available databases (e.g., the Central Registration and Information on Business – CEIDG).
The controller of your personal data is:
mInvestment Banking S.A., with its registered office in Warsaw (00-850), ul. Prosta 18, entered into the Register of Entrepreneurs maintained by the District Court for the Capital City of Warsaw, 13th Commercial Division, under KRS number 0000027381, Tax Identification Number (NIP): 526 021 50 42, Business Registry Number (REGON): 011022668.
We process personal data for as long as it is necessary to achieve the purpose of the processing, but no longer than the period specified by generally applicable laws for the limitation of potential claims.
Data subjects have the following rights:
the right to access their personal data,
the right to rectify (correct) their data,
the right to erase their data ("right to be forgotten"),
the right to restrict the processing of their data,
the right to data portability,
the right to object to the processing of their data.
You can contact us:
by traditional mail – by sending a letter to our registered office address:
mInvestment Banking S.A., ul. Prosta 18, 00-850 Warsaw, Polandby email – by sending a message to:
In order to perform a contract and fulfill rights and obligations arising from legal regulations, we may share personal data with:
1. Institutions authorized to process data under the law, such as:
the Personal Data Protection Office (UODO),
law enforcement authorities.
2. Entities to whom mInvestment Banking S.A. entrusts the performance of services on its behalf, such as:
IT service providers,
courier companies,
law firms,
mBank S.A.
If a data subject suspects that their personal data is being processed in violation of the GDPR, they may file a complaint with the supervisory authority responsible for data protection.
In Poland, this authority is the President of the Personal Data Protection Office (UODO).